dohertj2/mxaccessgw
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
98f9b7792bb54a67aa929b75740541e93d479ef8
mxaccessgw/src/MxGateway.Server/Security/Authorization/GatewayScopes.cs
T
Joseph Doherty 1d9e3afadd Resolve Server-002, -004, -005, -006 code-review findings 
Server-002: the gateway never terminated leftover MxGateway.Worker.exe
processes at startup, contradicting gateway.md and CLAUDE.md. Added
IRunningProcessInspector/SystemRunningProcessInspector, OrphanWorkerTerminator,
and OrphanWorkerCleanupHostedService (best-effort, runs before sessions are
accepted); updated gateway.md to describe the implemented behavior.

Server-004: API-key scopes were persisted verbatim with no validation. Added
GatewayScopes.All/IsKnown; the CLI parser and dashboard create path now
reject unknown scope strings.

Server-005: a non-SqlException/InvalidOperationException fault on the initial
Galaxy hierarchy load faulted the BackgroundService. ExecuteAsync now catches
all non-cancellation exceptions on first load and RefreshCoreAsync broadens
its catch so the cache records Stale/Unavailable instead.

Server-006: OpenSessionAsync incremented the open-sessions gauge before
alarm auto-subscribe; an auto-subscribe failure leaked the gauge. The catch
path now calls SessionRemoved() when the gauge was incremented.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 21:31:10 -04:00

38 lines
1.5 KiB
C#
Raw Blame History

namespace MxGateway.Server.Security.Authorization;
public static class GatewayScopes
{
public const string SessionOpen = "session:open";
public const string SessionClose = "session:close";
public const string InvokeRead = "invoke:read";
public const string InvokeWrite = "invoke:write";
public const string InvokeSecure = "invoke:secure";
public const string EventsRead = "events:read";
public const string MetadataRead = "metadata:read";
public const string Admin = "admin";
/// <summary>
/// The complete catalog of canonical scope strings the gateway authorization
/// resolver recognizes. Key-creation paths (CLI and dashboard) validate requested
/// scopes against this set so a typo or non-canonical name cannot persist a key
/// whose scope strings the resolver never matches.
/// </summary>
public static readonly IReadOnlySet<string> All = new HashSet<string>(
[
SessionOpen,
SessionClose,
InvokeRead,
InvokeWrite,
InvokeSecure,
EventsRead,
MetadataRead,
Admin,
],
System.StringComparer.Ordinal);
/// <summary>Determines whether the supplied scope string is a recognized canonical scope.</summary>
/// <param name="scope">Scope string to check.</param>
/// <returns><see langword="true"/> when the scope is canonical; otherwise <see langword="false"/>.</returns>
public static bool IsKnown(string scope) => All.Contains(scope);
}
Reference in New Issue View Git Blame Copy Permalink